CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

PartKeepr versions up to v1.4.0, in the functionality to upload attachments using a URL when creating a part does not validate that requests can be made to local ports, allowing an authenticated user to carry out SSRF attacks and port enumeration...

4.3CVSS6.6AI score0.00215EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 11:26 p.m.•6 views

CVE-2022-30899

A Cross Site Scripting vulnerabilty exists in PartKeepr 1.4.0 via the 'name' field in /api/partcategories...

4.8CVSS6.5AI score0.00219EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 10:26 p.m.•3 views

CVE-2022-22701

PartKeepr versions up to v1.4.0, loads attachments using a URL while creating a part and allows the use of the 'file://' URI scheme, allowing an authenticated user to read local files...

6.5CVSS6.4AI score0.00375EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 6:43 p.m.•4 views

CVE-2021-39390

Stored XSS in PartKeepr 1.4.0 Edit section in multiple api endpoints via name parameter...

5.4CVSS5.9AI score0.0024EPSS

Exploits1References1

CNVD•added 2022/06/09 12:0 a.m.•15 views

PartKeepr Cross-Site Scripting Vulnerability

A cross-site scripting vulnerability exists in PartKeepr version 1.4.0, which is an inventory management software designed primarily for electronic components. The vulnerability stems from a security issue in the name field in /api/partcategories. An attacker could exploit this vulnerability to...

3.5CVSS3.1AI score0.00219EPSS

Exploits0Affected Software1

ATTACKERKB•added 2022/06/08 4:15 p.m.•1 views

CVE-2022-30899

A Cross Site Scripting vulnerabilty exists in PartKeepr 1.4.0 via the 'name' field in /api/partcategories...

4.8CVSS5.8AI score0.00219EPSS

Exploits0References2

OSV•added 2022/06/08 4:15 p.m.•11 views

CVE-2022-30899

A Cross Site Scripting vulnerabilty exists in PartKeepr 1.4.0 via the 'name' field in /api/partcategories...

4.8CVSS6.5AI score

Exploits0References1

NVD•added 2022/06/08 4:15 p.m.•10 views

CVE-2022-30899

A Cross Site Scripting vulnerabilty exists in PartKeepr 1.4.0 via the 'name' field in /api/partcategories...

4.8CVSS0.00219EPSS

Exploits0References1

Prion•added 2022/06/08 4:15 p.m.•10 views

Cross site scripting

A Cross Site Scripting vulnerabilty exists in PartKeepr 1.4.0 via the 'name' field in /api/partcategories...

3.5CVSS5AI score0.00219EPSS

Exploits0References1Affected Software1

CVE•added 2022/06/08 3:51 p.m.•503 views

CVE-2022-30899

CVE-2022-30899 describes a Cross Site Scripting vulnerability in PartKeepr 1.4.0, exploitable via the name field in /api/part_categories. The issue stems from improper input handling that allows injected JavaScript when rendering the name, enabling potential code execution in a user’s browser. Af...

4.8CVSS5AI score0.00219EPSS

Exploits0References1Affected Software1

Cvelist•added 2022/06/08 3:51 p.m.•12 views

CVE-2022-30899

A Cross Site Scripting vulnerabilty exists in PartKeepr 1.4.0 via the 'name' field in /api/partcategories...

5.3AI score0.00219EPSS

Exploits0References1

CNNVD•added 2022/06/08 12:0 a.m.•4 views

PartKeepr 跨站脚本漏洞

4.8CVSS5.2AI score0.00219EPSS

Exploits0References2

CNVD•added 2022/05/08 12:0 a.m.•26 views

PartKeepr Cross-Site Scripting Vulnerability

PartKeepr is an inventory management software. Designed primarily for electronic components, PartKeepr version 1.4.0 suffers from a cross-site scripting vulnerability that stems from a lack of name parameters in multiple api ports of the edit module to filter user-supplied data and output data...

3.5CVSS3.3AI score0.0024EPSS

Exploits1Affected Software1

OSV•added 2022/05/03 1:15 p.m.•9 views

CVE-2021-39390

Stored XSS in PartKeepr 1.4.0 Edit section in multiple api endpoints via name parameter...

5.4CVSS5.8AI score

Exploits0References3

NVD•added 2022/05/03 1:15 p.m.•10 views

CVE-2021-39390

Stored XSS in PartKeepr 1.4.0 Edit section in multiple api endpoints via name parameter...

5.4CVSS0.0024EPSS

Exploits1References3